Martin, You are correct. I've opened ticket 11049 on bugzilla.clamav.net to track the issues.
Thanks, Steve On Mon, Jun 30, 2014 at 12:10 PM, Martin Wilck <martin.wi...@ts.fujitsu.com> wrote: > Hello, > > I have recently made some experiments with on-access scanning with > clamd, using clamav 0.98.3 from Fedora 19. > > The documentation of the "OnAccessIncludePath" option says "Set the > include paths (all files inside them will be scanned)". > > The clamd code calls fanotify_mark() with > fan_mask=(FAN_ACCESS|FAN_EVENT_ON_CHILD). This means that clamd will > only receive events for *immediate* children of a directory listed as > "OnAccessIncludePath" (see fanotify_mark(2)). > > Is that really meant by "all files inside them will be scanned"? My > expectation would have been that by specifying "/home" as > OnAccessIncludePath, all user's home directories would be scanned > (rather than just regular files directly under /home, which is probably > an empty set). > > Why doesn't clamd use FAN_MARK_MOUNT instead? > > Regards > Martin > > PS: I'd also be curious to understand why FAN_ACCESS (notification on > read) is used by clamd. For the commen case of files that are read more > often than written, this would result some files being re-scanned over > and over again. Why not scan files as they are written, at least for a > host's local, non-removable file systems? > > -- > Dr. Martin Wilck > PRIMERGY System Software Engineer > x86 Server Engineering > > FUJITSU > Fujitsu Technology Solutions GmbH > Heinz-Nixdorf-Ring 1 > 33106 Paderborn, Germany > Phone: ++49 5251 525 2796 > Fax: ++49 5251 525 2820 > Email: martin.wi...@ts.fujitsu.com > Internet: http://ts.fujitsu.com > Company Details: http://ts.fujitsu.com/imprint > _______________________________________________ > http://lurker.clamav.net/list/clamav-devel.html > Please submit your patches to our Bugzilla: http://bugs.clamav.net > _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net